DESCRIPTION:Valentin Hoebel has reported a vulnerability in the JE Ajax EventCalendar component for Joomla, which can be exploited by maliciouspeople to disclose potentially sensitive information.

Input passed to the "view" parameter in index.php (when "option" isset to "com_jeajaxeventcalendar") is not properly verified beforebeing used to include files. This can be exploited to includearbitrary files from local resources via directory traversal attacksand URL-encoded NULL bytes.

The vulnerability is reported in version 1.0.1. Other versions mayalso be affected.

SOLUTION:Edit the source code to ensure that input is properly verified.

GET LASTEST UPDATE

SOCIAL MEDIA

The Joomla!® name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.JoomlaCorner.com is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project